<?php
require_once ('../../config/include_paths.php');
require_once('config.php');
require_once('dbconnect.php');	// database connect script.
session_start();
$postOK = ((isset($_POST['submit'])) && (isset($_POST['uname'])) && (isset($_POST['passwd'])) && (isset($_POST['newUser'])));
if($postOK && $_POST['newUser'] == 'true') {
	$sql= "SELECT randomkey FROM settings";
	$result = mysql_query($sql,$conn);
	while($row = mysql_fetch_array($result))
	  {
	  $dbKey = $row['randomkey'];
	  }
	 $str = DB_NAME.DB_USER.DB_PASS.$_POST['passwd'];
	 $strHash = hash('md5', $str);
	 if($dbKey == $strHash) {
		 // new admin
		 if (!get_magic_quotes_gpc()) {
		$_POST['uname'] = addslashes($_POST['uname']);
		}
		$date = date('n/j/Y');
		$regDate = date("Y-m-d H:i:s");
		$pw =  hash('md5', $_POST['passwd']);
		$sql ="INSERT INTO users (username, password, admin, regdate, last_login)
		VALUES ('".$_POST['uname']."', '".$pw."', '1', '".$regDate."', '".$date."')";
		$result = mysql_query($sql,$conn);
		if (mysql_errno($conn)){
			$errors++;
			echo mysql_errno($conn) . ": " . mysql_error($conn). "<br />";
		}
		$_SESSION['username'] = $_POST['uname'];
		$_SESSION['password'] = $_POST['passwd'];
		$_SESSION['admin'] = 1;
		$_SESSION['logged_in'] = 1;
		mysql_close($conn);
		header('Location: settings.php?user=newuser');
		exit;
		}else{
			
			
// code for adding new users can go here
			
			}
}
?>